EP2989579A1 - Redundant system boot code in a secondary non-volatile memory - Google Patents
Redundant system boot code in a secondary non-volatile memoryInfo
- Publication number
- EP2989579A1 EP2989579A1 EP13882693.8A EP13882693A EP2989579A1 EP 2989579 A1 EP2989579 A1 EP 2989579A1 EP 13882693 A EP13882693 A EP 13882693A EP 2989579 A1 EP2989579 A1 EP 2989579A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- volatile memory
- controller
- boot code
- processor
- compromised
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000015654 memory Effects 0.000 title claims abstract description 119
- 230000001010 compromised effect Effects 0.000 claims abstract description 35
- 230000004044 response Effects 0.000 claims abstract description 11
- 238000000034 method Methods 0.000 claims description 16
- 238000012795 verification Methods 0.000 claims description 14
- 238000012545 processing Methods 0.000 claims description 10
- 230000003993 interaction Effects 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 claims description 3
- 230000003213 activating effect Effects 0.000 claims 5
- 238000011084 recovery Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 3
- 238000005259 measurement Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000007704 transition Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000006266 hibernation Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000002085 persistent effect Effects 0.000 description 2
- 230000007958 sleep Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000005067 remediation Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/40—Bus structure
- G06F13/4004—Coupling between buses
- G06F13/4027—Coupling between buses using bus bridges
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1415—Saving, restoring, recovering or retrying at system level
- G06F11/1417—Boot up procedures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/40—Bus structure
- G06F13/4004—Coupling between buses
- G06F13/4022—Coupling between buses using switching circuits, e.g. switching matrix, connection or expansion network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/061—Improving I/O performance
- G06F3/0613—Improving I/O performance in relation to throughput
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0655—Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
- G06F3/0656—Data buffering arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0683—Plurality of storage devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/2053—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant
- G06F11/2094—Redundant storage or storage space
Definitions
- a computing system can include code to perform various startup functions of the computing system.
- This code can include Basic Input/Output System (BIOS) code.
- BIOS code can be the subject of attacks by malware in the computing system or from an external service. As a result of an attack, the BIOS code can become compromised.
- Fig. 1 is a block diagram of an example system according to some embodiments.
- Fig. 2 is a flow diagram of a system boot code recovery process according to some implementations.
- Fig. 3 is a block diagram of another example system according to further implementations.
- Malware attacks on system code used to perform startup of a computing system can cause the integrity of the computing system to be compromised such that unauthorized access and operations in the computing system can occur.
- compromised system code can allow covert remote monitoring and/or control of the computing system by a malicious entity, unauthorized access and/or modification of data in the computing system by malware, disablement of the computing system, and so forth.
- Compromised system code can refer to system code that has been corrupted such that the system code is no longer usable, or alternatively, compromised system code can refer to system code that has been changed in some way but that is still able to execute. Note that system code can also be compromised accidentally or intentionally.
- a protection mechanism can be provided in a computing system to protect the system code, such protection mechanism may become compromised under certain conditions, which can subject the system code to malware attacks.
- System code used to perform startup of a computing system can include system firmware, which can be in the form of machine-readable instructions executable on a processor (or processors) of the computing system.
- System firmware can cover any machine-readable instructions that are able to perform startup of a computing system. Examples of computing systems include desktop computers, notebook computers, tablet computers, personal digital assistants (PDAs), smartphones, game appliances, server computers, storage nodes, network communication nodes, and so forth.
- System firmware can include Basic Input/Output System (BIOS) code, which can initialize various components of the computing system, and load an operating system (OS) of the computing system.
- BIOS code can perform checking of hardware components to ensure that the hardware components are present and functioning properly. This can be part of a power-on self-test (POST) procedure, for example. After the POST procedure, the BIOS code can progress through the remainder of a booting sequence, after which the BIOS code can load and pass control to the OS.
- BIOS code can include legacy BIOS code or Unified Extensible Firmware Interface (UEFI) code.
- UEFI Unified Extensible Firmware Interface
- the BIOS code can include a runtime portion that is executed after the OS loads.
- the system firmware can be stored in non-volatile memory, such as a flash memory or any other persistent memory that is programmable. Once system firmware in a non-volatile memory is compromised, one possible remediation may involve physically replacing a component that includes the non-volatile memory. Such a technique of addressing compromised system firmware can be labor- intensive, costly, and time-consuming.
- a secondary non-volatile memory can be provided that is in addition to a primary non-volatile memory that stores a primary version of the system firmware. The secondary non-volatile memory can store a redundant version of the system firmware. If the system firmware in the primary non-volatile memory becomes compromised, then the system firmware in the secondary non-volatile memory can be used instead.
- system firmware can refer to any code that can boot a computing system after restart or can resume the computing system from a low power state.
- Fig. 1 is a block diagram of an example computing system 100 that includes an embedded controller 102, a primary non-volatile memory 104, a processor 106, and a secondary non-volatile memory 1 16.
- the primary non-volatile memory 104 can store a primary version of system firmware (referred to as "primary system firmware” 107), which can include BIOS code.
- the secondary non-volatile memory 106 can store a redundant version of the system firmware (referred to as "redundant system firmware" 1 14).
- the redundant system firmware 1 14 may be an identical copy of the primary system firmware 107, or alternatively, the redundant system firmware 1 14 may be different from the primary system firmware 107 (for example, the redundant system firmware 109 can be an earlier or later version of the system firmware).
- the secondary non-volatile memory 1 16 can be physically separate from the primary non-volatile memory 104 (such as implemented as different physical memory devices). Alternatively, the primary non-volatile memory 104 and the secondary non-volatile memory 1 16 can physically reside on a common memory device, but the primary non-volatile memory 104 and the secondary non-volatile memory 1 16 are in different segments of the physical memory device.
- a switch logic 108 is also provided to selectively connect one of the primary non-volatile memory 104 and secondary non-volatile memory 1 16 to a shared bus 120.
- the shared bus 120 is accessible by the embedded controller 102 and the processor 106.
- an input/output (I/O) controller may be provided between the processor 106 and the shared bus 120.
- the switch logic 108 is connected over a first link 1 10 to the primary nonvolatile memory 104, and over a second link 1 12 to the secondary non-volatile memory 1 16.
- the switch logic 108 is controlled by a select signal 122 from the embedded controller 102.
- the switch logic 108 can be a
- the switch logic 108 connects the shared bus 120 and the first link 1 10, such that the primary non-volatile memory 104 is accessible over the shared bus 120. If the select signal 122 is at a second, different state, then the switch logic 108 connects the shared bus 120 and the second link 1 12, such that the secondary non-volatile memory 1 16 is accessible over the shared bus 120.
- the connected one of the primary and secondary non-volatile memories 104 and 1 16 is a shared non-volatile memory.
- the non-volatile memory is "shared" in the sense that it is accessible by multiple entities, including the embedded controller 102 and at least one other entity
- the other non-volatile memory that is not connected by the switch logic 108 to the shared bus 120 is inaccessible over the shared bus 120.
- the secondary non-volatile memory 1 16 can be connected to the embedded controller 102 over a private bus 124.
- the private bus 124 can be used by the embedded controller 102 to copy the redundant system firmware 1 14 (and system data) to the secondary non-volatile memory 1 16 during provisioning of the computing system 100 (such as at the factory or at a service site).
- the private bus 124 is omitted.
- the default configuration of the computing system 100 can be one where the switch logic 108 is controlled by the embedded controller 102 to connect the primary non-volatile memory 104 to the shared bus 120, while the secondary non-volatile memory 1 16 is isolated from the shared bus 120 by the switch logic 108.
- the primary system firmware 107 is retrievable by the processor 106 and can be executed on the processor 106 to perform system boot or resume.
- the secondary non-volatile memory 1 16 is accessible by the embedded controller 102, but is inaccessible to the processor 106 or to other components in the computing system 100. Making the secondary non-volatile memory 1 16 inaccessible to the processor 106 and other components in the default configuration protects the content of the secondary non-volatile memory 1 16 from unauthorized tampering.
- the embedded controller 102 can perform various actions. First, in some implementations, the embedded controller 102 attempts to recover from the compromised system firmware 107 in the primary non-volatile memory 104 by copying the redundant system firmware 1 14 from the secondary non-volatile memory 1 16 to the primary non-volatile memory 104, to replace the compromised system firmware 107 with the redundant system firmware 1 14.
- an error or fault in the computing system 100 may prevent the recovery of the system firmware 107 in the primary non-volatile memory 104.
- the error or fault in the computing system 100 may have contributed to the detection of compromise of the primary system firmware 107.
- the state of the select signal 122 can be changed to connect the secondary non-volatile memory 1 16 to the shared bus 120, and to isolate the primary non-volatile memory 104 from the shared bus 120.
- Such a configuration can be referred to as a "secondary
- the redundant system firmware 1 14 is retrievable by the processor 106 and can be executed on the processor 106.
- the embedded controller 102 may detect that the recovery of the compromised system firmware 107 is not possible if the embedded controller 102 determines that the embedded controller 102 is unable to successfully write the redundant system firmware 1 14 to the primary non-volatile memory 104, such as due to fault of the primary non-volatile memory 104 or the link 1 10.
- the embedded controller 102 may detect that the recovery of the compromised system firmware 107 is not possible if the embedded controller 102 performs a recovery operation (to copy the redundant system firmware 1 14 to the primary system firmware 107), and following this recovery operation, the embedded controller 102 again detects that the primary system firmware 107 is still compromised.
- just one entity can have access to the shared bus 120 at any given time, such that just one entity can access the shared nonvolatile memory (the one of the primary and secondary non-volatile memories that is connected to the shared bus 120) at a time.
- the shared bus 120 is a shared Serial Peripheral Interface (SPI) bus.
- SPI Serial Peripheral Interface
- An SPI bus is a synchronous serial data link in which devices on the SPI bus operate in a master-slave mode.
- another type of shared bus 120 can be used.
- an arbitration mechanism can be provided to allow for shared access of the bus 120 in various states of the computing system, including a low power state and a normal runtime state.
- the system firmware 107 or 1 14 can include a boot block.
- the boot block is a part of the BIOS code, and is first executed when the computing system 100 starts up. The boot block is executed first before the rest of the BIOS code is allowed to execute. The boot block can be used to check the integrity of the BIOS code as well as to perform other initial functions. If the boot block confirms the integrity of the BIOS code, then the boot block can pass control to the main portion of the BIOS code for initiating the remaining operations associated with the BIOS code.
- the boot block can include core root of trust for measurement (CRTM) logic, which is logic specified by the Trusted Computing Group (TCG), an industry standard work group.
- CRTM core root of trust for measurement
- TCG Trusted Computing Group
- the CRTM logic can perform certain initialization tasks and can make a number of measurements that are stored for later use.
- the CRTM logic can then check the BIOS code before passing control to the main portion of the BIOS code. Once the BIOS code completes execution and passes control to the OS, the OS can verify the trustworthiness of the computing system 100 based on measurements taken by the CRTM logic.
- the embedded controller 102 is physically separate from the processor 106 of the computing system 100.
- the processor 106 is used for executing the OS, application code, and other code in the system 100.
- the embedded controller 102 can be used to perform specific predefined tasks.
- Examples of tasks that can be performed by the embedded controller 102 include any one or some combination of the following: power supply control in the computing system 100 (for controlling a power supply that supplies power supply voltages to various components in the computing system 100), charging and control of a battery in the computing system 100, thermal monitoring (to monitor a temperature in the computing system 100), fan control (to control a fan in the computing system 100), and interaction with a user input device (such as performing a scan of a keyboard of the computing system 100 or interaction with a pointing device such as a mouse, touchpad, touchscreen, and so forth).
- the embedded controller 102 can be implemented with a microcontroller, an application-specific integrated circuit (ASIC), a programmable gate array (PGA), or any other type of programmable circuit.
- ASIC application-specific integrated circuit
- PGA programmable gate array
- the embedded controller 102 includes a processing circuit 126 that is able to perform the specified tasks of the embedded controller 102.
- the processing circuit 126 includes hardware circuitry.
- the processing circuit 126 can execute machine-readable instructions, such as in the form of an embedded controller firmware (EC firmware) or other controller code.
- EC firmware embedded controller firmware
- the EC firmware may be initially stored in the primary or secondary non-volatile memory 104 or 1 16, and can be loaded into the embedded controller 102 for execution.
- controller code executable on the embedded controller 102 can be
- Fig. 2 is a flow diagram of a process according to some implementations.
- the processing circuit 126 in the embedded controller 102 determines (at 202), during a period in which the processor 106 is not accessing the primary non-volatile memory 104 (such as due to the processor 106 being disabled or otherwise being idle), whether the primary system firmware 107 stored in the primary non-volatile memory 104 is compromised and the embedded controller 102 is unable to recover the compromised primary system firmware 107 (as discussed above).
- the processor 106 being disabled refers to the processor 106 being in a powered off state (no power is provided to the main processing part of the processor 106) or in a reset state (e.g. a reset signal to the processor 106 is asserted that prevents the processor 106 from executing machine-readable instructions).
- the processing circuit 126 changes the state of the select signal 122 to activate (at 204) the switch logic 108 to connect the secondary non-volatile memory 1 16 to the shared bus 120 and to disconnect the primary non-volatile memory 104 from the shared bus 120.
- the secondary non-volatile memory 1 16 Upon connection by the switch logic 108 to the shared bus 120, the secondary non-volatile memory 1 16 becomes accessible by the processor 106, which can retrieve the redundant system firmware 1 14 from the secondary nonvolatile memory 1 16 for execution (at 206) at the processor 106.
- the switch logic 108 Upon connection by the switch logic 108 to the shared bus 120, the secondary non-volatile memory 1 16 becomes accessible by the processor 106, which can retrieve the redundant system firmware 1 14 from the secondary nonvolatile memory 1 16 for execution (at 206) at the processor 106.
- the determination (at 202) of whether system firmware has been compromised can be based on performing verifying of the system firmware.
- Verifying a piece of code can refer to cryptographically validating that the piece of code has not been changed and/or confirming that the piece of code is from a trusted source.
- the verifying of the system firmware can be performed by the embedded controller 102 prior to each instance of restarted execution of the system firmware (from the primary or secondary non-volatile memory) by the processor 106, such as due to a cold reset of the computing system 100, a resume from a low power state of the computing system 100, an operating system restart, and so forth. It is noted that the system firmware can also be verified by the embedded controller 102 each time the computing system 100 enters a low power state. In other examples, the embedded controller 102 can also verify the system firmware when the processor 106 remains powered.
- a low power state of the computing system 100 refers to a state of the computing system 100 in which the processor 106 and certain other hardware components of the system 100 are off (e.g. no power is provided to the main processing part of the processor and certain other hardware components). In the low power state, power can still be provided to the embedded controller 102.
- the computing system 100 can transition to a low power state in any of the following scenarios: (1 ) as part of a cold reset of the computing system 100 that caused the system 100 to be powered off for subsequent power on, or (2) as part of a power savings procedure, in which the computing system 100 can transition from a normal operating state to a sleep state, hibernation state, or an off state after a time period of inactivity, or in response to detecting a low battery condition, or in response to user or application command, or for another reason, or (3) in any other scenario.
- Examples of low power states can include certain Advanced Configuration and Power Interface (ACPI) states, including: the ACPI S3 state (which is a form of a standby or sleep state in which the system context of the computing system 100 is maintained in volatile memory that remains powered while some components of the computing system 100 are powered off); the ACPI S4 state (which is a form of hibernation state in which the system context is saved to persistent storage to allow power to be removed from additional computing system components, including volatile memory); and the ACPI S5 state (which is a form of system off state, in which power has been removed from even more components of the computing system 100).
- ACPI S3 state which is a form of a standby or sleep state in which the system context of the computing system 100 is maintained in volatile memory that remains powered while some components of the computing system 100 are powered off
- the ACPI S4 state which is a form of hibernation state in which the system context is saved to persistent storage to allow power to be removed from additional computing system components, including volatile memory
- the ACPI S5 state which is
- the embedded controller 102 can perform verification of the system firmware in response to a warm reset of the computing system 100, in which a computing system 100 is restarted without removing power to the computing system 100.
- the computing system 100 can be forced to transition to an appropriate low power state (such as certain ones of the low power states listed above) when the warm reset is detected.
- the embedded controller 102 can perform the verification at any time, even when the computing system is not in a low power state. For example, the embedded controller 102 can perform the verification when the processor is idle or not accessing the primary non-volatile memory 104. The verification by the embedded controller 102 can also be performed in "real-time," as the system firmware is retrieved for execution by the processor.
- Fig. 3 is a block diagram of a computing system 100 according to further implementations.
- the computing system 100 of Fig. 3 includes an input/output (I/O) controller 302, which is connected between the processor 106 and the shared bus 120.
- the I/O controller 302 can be a Platform Controller Hub (PCH) from Intel Corporation.
- the PCH can include various functions, including a display interface to a graphics subsystem, a system bus interface to a system bus to which various I/O devices can be connected, and so forth. In other examples, other types of I/O controllers can be used.
- the embedded controller 102 is coupled to a user input device 301 (e.g. a mouse device or other type of input device), a keyboard 302, a fan 303, a battery 304, and a power supply 305, to manage the respective devices (under control of EC firmware executing in the embedded controller 102).
- the EC firmware executing in the embedded controller 102 can be loaded from the primary or secondary non-volatile memory 104 or 1 16.
- the system firmware 107 in the primary non-volatile memory 104 includes a boot block 306.
- the boot block 306 can include EC firmware 307.
- the EC firmware 307 can be separate from the system firmware 107.
- the secondary system firmware 1 14 in the secondary nonvolatile memory 1 16 includes a boot block 308 and EC firmware 309.
- the embedded controller 102 includes cryptographic hardware 312, which can perform cryptographic computations, such as those used in the verifying of EC firmware and system firmware.
- the cryptographic hardware 312 can be in the form of circuitry that is configured to perform cryptographic
- the embedded controller 102 further includes a read-only memory (ROM) 314, which can be used to store a boot loader 316 and an encryption key 318.
- the encryption key 318 can be the key (public key or private key) used to perform verification of the EC firmware (307 or 309).
- the boot loader 316 is loaded from the ROM 314 to execute in the embedded controller 102 to retrieve EC firmware from the primary or secondary non-volatile memory 104 or 1 16 into a random access memory (RAM) 319 of the embedded controller 102.
- the boot loader 316 can take steps to ensure that no other entity except the embedded controller 102 has access to the shared bus 120 during the EC firmware load operation.
- the boot loader 316 can find a pointer (or other reference) to an EC firmware image, which can be stored in the primary or secondary non-volatile memory 104 or 1 16.
- the retrieved EC firmware is verified by verification logic in the embedded controller 102, where the verification logic can include functionality in the boot loader 316 that is able to invoke the cryptographic hardware 312 to assist in performing cryptographic computations.
- the verification of the EC firmware retrieved from a non-volatile memory (104 or 1 16) can be performed during an initialization procedure of the embedded controller 102.
- An initialization procedure of the embedded controller 102 refers to a procedure that is performed when the embedded controller 102 first starts after the embedded controller 102 has been reset or after a power cycle of the embedded controller 102 (where power is removed from and then re-applied to the embedded controller 102).
- the EC firmware can verify system firmware (107 or 1 14) prior to each restarted execution of the system firmware by the processor 106.
- a signature 322 is associated with the EC firmware 108, and a signature 324 is associated with the boot block 306.
- a signature 340 is associated with the EC firmware 309
- a signature 342 is associated with the boot block 308.
- the signature 322 or 340 is used in the verification of the respective EC firmware 307 or 309, while the signature 340 or 342 is used in the verification of the respective boot block 306 or 308.
- Use of a signature in the verification process can allow a determination of the authenticity of the respective EC firmware or boot block, and a determination that the respective EC firmware or boot block has not been
- the verification of the EC firmware 307 or 309 can be accomplished by decrypting the respective signature 322 or 340 using the encryption key 318 stored in the embedded controller ROM 314. Decrypting the signature produces a respective value (e.g. hash value) that can be compared with a corresponding calculated value (e.g. hash value) of the EC firmware. If the foregoing values match, then the EC firmware is verified.
- a similar process can be used for verifying the BIOS boot block 306 or 308 using the respective digital signature 324 or 342.
- Each of the primary and secondary non-volatile memories 104 and 1 16 can also store system data 336 or 338 that relates to configuration of various aspects of the computing system 100.
- the system data 336 or 338 can include machine unique data, network interface controller data, layout descriptor data, and so forth.
- the network interface controller data can include configuration data of a network interface controller (that is used to perform communications over a network).
- the layout descriptor data can include information that describes a layout of the primary and secondary non-volatile memories 104 and 1 16, and configuration parameters for the I/O controller 302.
- the machine unique data can refer to any data or settings that are unique to each particular computing system.
- Examples of machine unique data can include any or some combination of the following: product name, product model, stock- keeping unit (SKU) number (for identifying the respective computing system for sale), a serial number of the computing system, a system or commodity tracking number (for identifying a system board of the computing system), a system
- SKU stock- keeping unit
- a computing system is able to continue operation even in the event of a system fault or error that prevents recovery of the system firmware in the primary non-volatile memory. The ability to continue operation does not have to involve manual intervention by a human.
- Machine-readable instructions such as those executable in the
- embedded controller 102 or the processor 106 can be loaded from a machine- readable or computer-readable storage medium (or storage media).
- the storage media can include different forms of memory including semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories; magnetic disks such as fixed, floppy and removable disks; other magnetic media including tape; optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices.
- semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories
- magnetic disks such as fixed, floppy and removable disks
- other magnetic media including tape optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices.
- CDs compact disks
- DVDs digital video disks
- Such computer-readable or machine-readable storage medium or media is (are) considered to be part of an article (or article of manufacture).
- An article or article of manufacture can refer to any manufactured single component or multiple components.
- the storage medium or media can be located either in the machine running the machine-readable instructions, or located at a remote site from which machine-readable instructions can be downloaded over a network for execution.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Human Computer Interaction (AREA)
- Mathematical Physics (AREA)
- Quality & Reliability (AREA)
- Stored Programmes (AREA)
Abstract
Description
Claims
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2013/037725 WO2014175862A1 (en) | 2013-04-23 | 2013-04-23 | Redundant system boot code in a secondary non-volatile memory |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2989579A1 true EP2989579A1 (en) | 2016-03-02 |
EP2989579A4 EP2989579A4 (en) | 2016-11-30 |
EP2989579B1 EP2989579B1 (en) | 2018-06-06 |
Family
ID=51792251
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP13882693.8A Active EP2989579B1 (en) | 2013-04-23 | 2013-04-23 | Redundant system boot code in a secondary non-volatile memory |
Country Status (5)
Country | Link |
---|---|
US (1) | US9785596B2 (en) |
EP (1) | EP2989579B1 (en) |
CN (1) | CN105122262B (en) |
TW (1) | TWI530790B (en) |
WO (1) | WO2014175862A1 (en) |
Families Citing this family (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9990255B2 (en) | 2013-04-23 | 2018-06-05 | Hewlett-Packard Development Company, L.P. | Repairing compromised system data in a non-volatile memory |
WO2014175867A1 (en) | 2013-04-23 | 2014-10-30 | Hewlett-Packard Development Company, L.P. | Verifying controller code and system boot code |
WO2014175861A1 (en) * | 2013-04-23 | 2014-10-30 | Hewlett-Packard Development Company, L.P. | Recovering from compromised system boot code |
CN104657233A (en) * | 2015-01-28 | 2015-05-27 | 加弘科技咨询(上海)有限公司 | Backup restoration method and system for BIOS (Basic Input Output System) boot block in X86 system |
DE102015108504B4 (en) | 2015-05-29 | 2019-05-02 | Fujitsu Client Computing Limited | Method for safely booting a computer system and computer system |
FR3043229B1 (en) | 2015-11-03 | 2018-03-30 | Proton World International N.V. | SECURE STARTING OF AN ELECTRONIC CIRCUIT |
FR3043228B1 (en) | 2015-11-03 | 2018-03-30 | Proton World International N.V. | STARTING THE CONTROL OF AN ELECTRONIC CIRCUIT |
US10223217B2 (en) * | 2015-11-24 | 2019-03-05 | Ricoh Company, Ltd. | Information processing device, method for booting information processing device, and non-transitory recording medium |
US9928367B2 (en) * | 2015-12-03 | 2018-03-27 | Hewlett-Packard Development Company, L.P. | Runtime verification |
US10019577B2 (en) * | 2016-04-14 | 2018-07-10 | Dell Products, L.P. | Hardware hardened advanced threat protection |
JP6740789B2 (en) * | 2016-08-03 | 2020-08-19 | 富士通株式会社 | Storage control device and storage device management program |
US10515218B2 (en) * | 2016-10-01 | 2019-12-24 | Intel Corporation | Systems, apparatuses, and methods for platform security |
CN108399328B (en) * | 2017-02-08 | 2021-04-27 | 新唐科技股份有限公司 | System memory content authentication apparatus and method |
CN108228387B (en) * | 2017-12-27 | 2019-11-05 | 中兴通讯股份有限公司 | A kind of starting control method, electronic equipment and computer readable storage medium |
US11068599B2 (en) * | 2018-12-19 | 2021-07-20 | Dell Products, L.P. | Secure initialization using embedded controller (EC) root of trust |
US10853179B2 (en) * | 2018-12-21 | 2020-12-01 | Dell Products L.P. | Information handling system and method for restoring firmware in one or more regions of a flash memory device |
US11418335B2 (en) | 2019-02-01 | 2022-08-16 | Hewlett-Packard Development Company, L.P. | Security credential derivation |
WO2020167283A1 (en) | 2019-02-11 | 2020-08-20 | Hewlett-Packard Development Company, L.P. | Recovery from corruption |
EP3792801B1 (en) * | 2019-09-11 | 2022-11-09 | Secure Thingz Limited | A processor system |
JP6918994B2 (en) * | 2020-01-09 | 2021-08-11 | レノボ・シンガポール・プライベート・リミテッド | Information processing device and information processing method |
TWI722852B (en) * | 2020-03-30 | 2021-03-21 | 技嘉科技股份有限公司 | Solid-state disk and startup method |
WO2021216046A1 (en) * | 2020-04-21 | 2021-10-28 | Hewlett-Packard Development Company, L.P. | Bios updates |
US20230205545A1 (en) * | 2020-05-29 | 2023-06-29 | Hewlett-Packard Development Company, L.P. | Bios configurations via provisioning devices |
FR3111441B1 (en) | 2020-06-10 | 2022-08-05 | Proton World Int Nv | Secure start of an electronic circuit |
TWI760805B (en) * | 2020-07-31 | 2022-04-11 | 廣達電腦股份有限公司 | Autonomous driving system with dual secure boot |
US20220100504A1 (en) * | 2020-09-25 | 2022-03-31 | Advanced Micro Devices, Inc. | Shared data fabric processing client reset system and method |
JP7011697B1 (en) | 2020-10-09 | 2022-01-27 | レノボ・シンガポール・プライベート・リミテッド | Information processing equipment and information processing method |
US20220197746A1 (en) * | 2020-12-18 | 2022-06-23 | Advanced Micro Devices, Inc. | Combination bios with a/b recovery |
US11809876B2 (en) * | 2021-04-29 | 2023-11-07 | Dell Products L.P. | Trusted platform module protection for non-volatile memory express (NVMe) recovery |
US11487621B1 (en) * | 2021-04-29 | 2022-11-01 | Dell Products L.P. | Linking embedded controller with memory reference code and system bios shadowing |
US11803454B2 (en) * | 2021-04-30 | 2023-10-31 | Dell Products L.P. | Chained loading with static and dynamic root of trust measurements |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2940480B2 (en) | 1996-07-05 | 1999-08-25 | 日本電気株式会社 | Computer system |
TW480444B (en) | 2000-11-29 | 2002-03-21 | Mitac Technology Corp | Computer system boot-up method capable of completing the startup procedure even the system BIOS code is damaged |
TWI280487B (en) | 2004-12-15 | 2007-05-01 | Via Tech Inc | Power-on method for computer system with hyper-threading processor |
US7340595B2 (en) | 2005-01-07 | 2008-03-04 | International Business Machines Corporation | Multiplex execution-path system |
US7193895B2 (en) | 2005-06-24 | 2007-03-20 | Chingis Technology Corporation | Redundant memory content substitution apparatus and method |
DE102006043636A1 (en) | 2006-09-18 | 2008-03-27 | Fujitsu Siemens Computers Gmbh | Computer system and method for updating program code |
US7613872B2 (en) | 2006-11-28 | 2009-11-03 | International Business Machines Corporation | Providing core root of trust measurement (CRTM) for systems using a backup copy of basic input/output system (BIOS) |
US8190950B2 (en) | 2007-12-21 | 2012-05-29 | Atmel Corporation | Dynamic column redundancy replacement |
DE102008011925B4 (en) * | 2008-02-29 | 2018-03-15 | Globalfoundries Inc. | Safe initialization of computer systems |
TWI411959B (en) * | 2008-03-21 | 2013-10-11 | Asustek Comp Inc | Computer system with dual boot-program area and method of booting the same |
US20090248955A1 (en) | 2008-03-31 | 2009-10-01 | Satoru Tamada | Redundancy for code in rom |
TW201007465A (en) | 2008-08-13 | 2010-02-16 | Ene Technology Inc | A sharable memory architecture of cache in a embedded controller and a method of sharing memory |
US8103909B2 (en) | 2008-09-15 | 2012-01-24 | Juniper Networks, Inc. | Automatic hardware-based recovery of a compromised computer |
TWI386852B (en) * | 2008-10-24 | 2013-02-21 | Wistron Corp | System for switching bios and method thereof |
TW201017407A (en) | 2008-10-31 | 2010-05-01 | Ind Tech Res Inst | Nonvolatile data storage system and method thereof |
US8151101B2 (en) | 2008-11-06 | 2012-04-03 | Lenovo (Singapore) Pte. Ltd. | Method, apparatus, and system for quiescing a boot environment |
TW201133342A (en) | 2010-03-30 | 2011-10-01 | Hon Hai Prec Ind Co Ltd | Method for integrating OS into BIOS chip, and method for booting the OS |
US8732527B2 (en) * | 2011-08-16 | 2014-05-20 | Google Inc. | Secure recovery apparatus and method |
-
2013
- 2013-04-23 CN CN201380075918.6A patent/CN105122262B/en active Active
- 2013-04-23 WO PCT/US2013/037725 patent/WO2014175862A1/en active Application Filing
- 2013-04-23 EP EP13882693.8A patent/EP2989579B1/en active Active
- 2013-04-23 US US14/780,929 patent/US9785596B2/en active Active
-
2014
- 2014-03-12 TW TW103108717A patent/TWI530790B/en active
Also Published As
Publication number | Publication date |
---|---|
CN105122262B (en) | 2018-06-05 |
TW201502790A (en) | 2015-01-16 |
US20160055113A1 (en) | 2016-02-25 |
WO2014175862A1 (en) | 2014-10-30 |
TWI530790B (en) | 2016-04-21 |
US9785596B2 (en) | 2017-10-10 |
EP2989579A4 (en) | 2016-11-30 |
CN105122262A (en) | 2015-12-02 |
EP2989579B1 (en) | 2018-06-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11520894B2 (en) | Verifying controller code | |
US9785596B2 (en) | Redundant system boot code in a secondary non-volatile memory | |
US9880908B2 (en) | Recovering from compromised system boot code | |
US9734339B2 (en) | Retrieving system boot code from a non-volatile memory | |
US10089472B2 (en) | Event data structure to store event data | |
US9852298B2 (en) | Configuring a system | |
EP2989547B1 (en) | Repairing compromised system data in a non-volatile memory | |
JP5767751B2 (en) | Method, computing platform, and program for verifying BIOS | |
US9928367B2 (en) | Runtime verification |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20151012 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAX | Request for extension of the european patent (deleted) | ||
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 602013038724 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: G06F0021000000 Ipc: G06F0013400000 |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20161031 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: G06F 11/14 20060101ALI20161025BHEP Ipc: G06F 13/40 20060101AFI20161025BHEP Ipc: G06F 21/57 20130101ALI20161025BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
INTG | Intention to grant announced |
Effective date: 20180202 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP Ref country code: AT Ref legal event code: REF Ref document number: 1006847 Country of ref document: AT Kind code of ref document: T Effective date: 20180615 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602013038724 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20180606 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180906 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180906 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180907 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1006847 Country of ref document: AT Kind code of ref document: T Effective date: 20180606 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181006 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602013038724 Country of ref document: DE |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20190307 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20190430 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190423 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190430 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190430 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190430 Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190430 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190423 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181008 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20130423 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20180606 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20240320 Year of fee payment: 12 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20240320 Year of fee payment: 12 |